Examples for ECS in dual-stack mode(IPv4 and IPv6) #249

Open
wants to merge 4 commits into
base: main

@maiconrocha maiconrocha commented Dec 22, 2024

Description

I have forked the ECS Blueprints from https://github.com/aws-ia/ecs-blueprints

And created the following examples:

core-infra-ipv6 (Code on https://github.com/maiconrocha/ecs-blueprints/tree/main/terraform/ec2-examples/core-infra-ipv6)

This folder contains the Terraform code to deploy the core infrastructure for an ECS EC2 based workload. The AWS resources created by the script are:

  • Networking
      • VPC in dual-stack mode: your resources can communicate over IPv4, or IPv6, or both. IPv4 and IPv6 communication are independent of each other.
      • 3 public subnets, 1 per AZ. If a region has fewer than 3 AZs it will create the same number of public subnets as AZs.
      • 3 private subnets, 1 per AZ. If a region has fewer than 3 AZs it will create the same number of private subnets as AZs.
      • 1 NAT Gateway
      • 1 Internet Gateway
      • Associated Route Tables
  • 1 ECS Cluster with Auto Scaling group capacity provider and AWS CloudWatch Container Insights enabled.
  • Task execution IAM role
  • CloudWatch log groups
  • CloudMap service discovery namespace default

lb-service-ipv6 (Code on https://github.com/maiconrocha/ecs-blueprints/tree/main/terraform/ec2-examples/lb-service-ipv6)

Which creates the following resources using Terraform:

This solution blueprint creates a web-facing load balanced ECS service.
The Load Balancer is in dualstack mode: Clients can connect to the load balancer using both IPv4 addresses (for example, 192.0.2.1) and IPv6 addresses (for example, 2001:db8:85a3::8a2e:0370:7334).
The ECS Task is registered in two different target groups (IPv4 and IPv6).
Due to current limitations, ECS Tasks are not registered in the IPv6 target type.

Motivation and Context

To address customer demand (as an example, #171).
To have examples with a VPC in dual-stack mode (your resources can communicate over IPv4, or IPv6, or both; IPv4 and IPv6 communication are independent of each other) and ECS Tasks registered with IPv4 and IPv6 addresses.

How Has This Been Tested?

  • I have tested and validated these changes using one or more of the provided examples/* projects

By deploying the examples I created, we can confirm that tasks are assigned both ipv4 and ipv6:

For example:

aws ecs describe-tasks --cluster core-infra-ipv6 --tasks arn:aws:ecs:us-west-2:XXXXXXXXXXX:task/core-infra-ipv6/292b1acc88fc4fa1a5e7377f95f56235 --region us-west-2 

"privateIpv4Address": "10.0.0.75",
"ipv6Address": "2600:1f14:2449:8903:799e:226f:712c:c70c"

Regarding ECS integration with ELB (ALB and NLB), I was able to confirm the following with the ALB team:

When launching an ECS Task in a VPC in dual-stack mode, ECS will equip the task with two IPs (IPv4 and IPv6).
However, when an ECS Service registers with ELB, currently we only support registering and deregistering the IPv4 address.
The ELB team is working on enabling integration to support registering and deregistering ECS tasks using the IPv6 address.

This is documented at https://docs.aws.amazon.com/AmazonECS/latest/developerguide/alb.html#alb-considerations:

"Consider the following when using Application Load Balancers with Amazon ECS:

Target group must have the IP address type set to IPv4."

You can see in the example I provided that 2 target groups are created: one for IPv4 targets and one for IPv6 targets.
The ECS Tasks' IPv6 addresses are not registered in the target group for IPv6 targets, as expected and as explained above.
For the IPv4 target group, tasks are registered and are in HEALTHY status.

I can confirm, however, that I can connect to the ALB either via IPv4 or IPv6:

nslookup -type=AAAA ecsdemo-frontend-ipv6-XXXXXXXXX.us-west-2.elb.amazonaws.com
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
ecsdemo-frontend-ipv6-XXXXXXXXX.us-west-2.elb.amazonaws.com	has AAAA address 2600:1f14:2449:8900:287c:69fc:64ad:4de7
ecsdemo-frontend-ipv6-XXXXXXXXX.us-west-2.elb.amazonaws.com	has AAAA address 2600:1f14:2449:8901:8741:c405:2484:cd2
nslookup ecsdemo-frontend-ipv6-XXXXXXXXX.us-west-2.elb.amazonaws.com
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:	ecsdemo-frontend-ipv6-XXXXXXXXX.us-west-2.elb.amazonaws.com
Address: 54.214.143.48
Name:	ecsdemo-frontend-ipv6-XXXXXXXXX.us-west-2.elb.amazonaws.com
Address: 54.202.72.26

#connecting via IPv6

-6: This option tells cURL to use IPv6 for the connection.

curl -6 -I http://ecsdemo-frontend-ipv6-XXXXXXXXX.us-west-2.elb.amazonaws.com

HTTP/1.1 200 OK

#connecting via IPv4

curl -I http://ecsdemo-frontend-ipv6-XXXXXXXXX.us-west-2.elb.amazonaws.com

HTTP/1.1 200 OK

  • I have executed pre-commit run -a on my pull request

@maiconrocha maiconrocha requested a review from a team as a code owner December 22, 2024 23:37
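
A check for the `describe-tasks` step in the description above, as an added example that is not part of the pull request or the ecs-blueprints code: it parses output shaped like `aws ecs describe-tasks` and reports which tasks lack an IPv4 or an IPv6 address. The sample JSON, account ID, task IDs, IPv6 address and function names are constructed; it assumes the `privateIpv4Address` and `ipv6Address` fields quoted above appear under `containers[].networkInterfaces[]`.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ecs describe-tasks` output for awsvpc tasks.
# Account ID, task IDs and the IPv6 address are placeholders, not values from the PR.
SAMPLE = json.loads("""
{"tasks": [
  {"taskArn": "arn:aws:ecs:us-west-2:111122223333:task/core-infra-ipv6/EXAMPLE-DUAL",
   "containers": [{"name": "app", "networkInterfaces": [
      {"privateIpv4Address": "10.0.0.75", "ipv6Address": "2001:db8::75"}]}]},
  {"taskArn": "arn:aws:ecs:us-west-2:111122223333:task/core-infra-ipv6/EXAMPLE-V4ONLY",
   "containers": [{"name": "app", "networkInterfaces": [
      {"privateIpv4Address": "10.0.1.20"}]}]}
]}
""")

# Assumption: these keys sit under containers[].networkInterfaces[] in the output.
ADDRESS_KEYS = ("privateIpv4Address", "ipv6Address")


def task_address_families(output):
    """Return {task ARN: {"ipv4": [...], "ipv6": [...]}} for every task listed."""
    report = {}
    for task in output.get("tasks", []):
        families = {"ipv4": set(), "ipv6": set()}
        for container in task.get("containers", []):
            for eni in container.get("networkInterfaces", []):
                for key in ADDRESS_KEYS:
                    if eni.get(key):
                        # Classify by the parsed address, not by the field name,
                        # so a malformed value raises ValueError instead of passing.
                        addr = ipaddress.ip_address(eni[key])
                        families[f"ipv{addr.version}"].add(str(addr))
        report[task["taskArn"]] = {k: sorted(v) for k, v in families.items()}
    return report


def missing_family(output):
    """Return {task ARN: [families with no address]} for tasks that are not dual-stack."""
    gaps = {}
    for arn, fams in task_address_families(output).items():
        absent = [name for name, addrs in fams.items() if not addrs]
        if absent:
            gaps[arn] = absent
    return gaps


if __name__ == "__main__":
    for arn, fams in task_address_families(SAMPLE).items():
        print(arn.rsplit("/", 1)[-1], fams)
    print("not dual-stack:", missing_family(SAMPLE))
```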